Hello community
I'm an SCCM 2012 R2 administrator and I've worked out a script which automatically integrates applications into SCCM (so that you don't have all the clicks anymore; the script is very customized).
If the deployment type is a script installer, the application is detected by a simple PowerShell code which is looking for a key of our package branding.
The script might look like this:
if (test-path "HKLM:\System\COMPANYNAME\Adobe Flash Player 22 NPAPI_Adobe Systems Incorporated_22.0.0.209") {write-host "Installed"}
This detection script is generated while my application integration script runs, and filled in automatically.
However, I worked out that this method worked very well with PowerShell version 3.0 and the clientsettings\computer agent\Powershell execution policy "Bypass".
But with Windows Management Engine 5.0 it's not working anymore.
I've found out that the line "Powershell.exe -executionpolicy bypass -file PSFILE.ps1" is not working anymore with PS Version 5.0; with PowerShell 3.0 it's working fine.
I guess that's because they stuffed this "security issue" in PowerShell.
On the client the AppDiscovery.log shows that the discovery method could not run because the script is not signed.
Is there a possibility to set an execution policy for different scopes via GPO?
I mean like to say for the SYSTEM-Account it's bypass and for the Users it's still "AllSigned"?
Or do you have other ideas for how to avoid the problem, except setting "RemoteSigned" or digitally signing the detection script while my application-integration script is running (because this would be really annoying)?
Thanks for your advice.
Best regards,
Ben
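
The signing option mentioned in the post, as an added example that is not part of the original post: it generates the registry-based detection script, Authenticode-signs it during the integration run, and ends by listing the execution policy per scope (a command-line `-ExecutionPolicy` only sets the Process scope, which a Group Policy setting overrides). `New-SignedDetectionScript` is a hypothetical helper name, and the example assumes a code-signing certificate in `Cert:\CurrentUser\My` whose publisher the clients trust; the output path in the usage line is constructed.

```powershell
# Added example; New-SignedDetectionScript is a hypothetical helper, not an SCCM cmdlet.
function New-SignedDetectionScript {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $BrandingKey,  # registry key written by the package
        [Parameter(Mandatory)] [string] $OutFile,      # where the signed .ps1 is written
        [string] $TimestampServer                      # optional: your CA's timestamp URL
    )

    # Assumption: a currently valid code-signing certificate is in the user's store.
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.NotAfter -gt (Get-Date) } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) { throw 'No valid code-signing certificate in Cert:\CurrentUser\My.' }

    # Escape single quotes so the key name cannot break out of the string literal.
    $escaped = $BrandingKey.Replace("'", "''")
    $body = "if (Test-Path -LiteralPath '$escaped') { Write-Host 'Installed' }"
    Set-Content -LiteralPath $OutFile -Value $body -Encoding UTF8

    $signArgs = @{ FilePath = $OutFile; Certificate = $cert; HashAlgorithm = 'SHA256' }
    if ($TimestampServer) { $signArgs.TimestampServer = $TimestampServer }
    $sig = Set-AuthenticodeSignature @signArgs

    # Fail the integration run rather than publish a script clients would reject.
    if ($sig.Status -ne 'Valid') {
        throw "Signing failed: $($sig.Status) - $($sig.StatusMessage)"
    }

    # Return script text plus signature block for use as the detection script.
    Get-Content -LiteralPath $OutFile -Raw
}

# Usage with the key from the post (output path is constructed for the example).
$key = 'HKLM:\System\COMPANYNAME\Adobe Flash Player 22 NPAPI_Adobe Systems Incorporated_22.0.0.209'
$signedText = New-SignedDetectionScript -BrandingKey $key -OutFile "$env:TEMP\detect.ps1"

# Effective policy per scope, highest precedence first:
# MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
Get-ExecutionPolicy -List
```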